From f441d212f91d532c370b559bb4cb33a5fc8bb344 Mon Sep 17 00:00:00 2001
From: Iglocska <andras.iklody@gmail.com>
Date: Wed, 3 Feb 2016 09:59:35 +0100
Subject: [PATCH] Removing template elements fixed, fixes #899

---
 app/Controller/TemplateElementsController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/Controller/TemplateElementsController.php b/app/Controller/TemplateElementsController.php
index 6c4710979..c138fb31f 100644
--- a/app/Controller/TemplateElementsController.php
+++ b/app/Controller/TemplateElementsController.php
@@ -217,9 +217,9 @@ class TemplateElementsController extends AppController {
 	public function delete($id) {
 		if (!$this->request->is('ajax')) Throw new MethodNotAllowedException('This action is for ajax requests only.');
 		$this->TemplateElement->read(null, $id);
-		if (!$this->_isSiteAdmin() && !$this->TemplateElement->Template->checkAuthorisation($this->TemplateElement['Template']['id'], $this->Auth->user(), true)) throw new NotAllowedException('You are not authorised to do that.');
+		if (!$this->_isSiteAdmin() && !$this->TemplateElement->Template->checkAuthorisation($this->TemplateElement->data['Template']['id'], $this->Auth->user(), true)) throw new NotAllowedException('You are not authorised to do that.');
 		if ($this->request->is('post')) {
-			if ($this->_isSiteAdmin() || $this->Auth->user('Organisation')['name'] == $this->TemplateElement->data['TemplateElement']['org']) {
+			if ($this->_isSiteAdmin() || $this->Auth->user('Organisation')['name'] == $this->TemplateElement->data['Template']['org']) {
 				// check permissions
 				if (empty($this->TemplateElement->data)) throw new NotFoundException();
 				$type = 'TemplateElement' . ucfirst($this->TemplateElement->data['TemplateElement']['element_definition']);